I'm building a small app with Angular2 (hosted locally via lite-server), to summarise time captured in YouTrack, and show an overview thereof, so my team can see what they've captured time for in the last few days and on which projects. I've set up a Service on our Hub, marked it as trusted, set up my redirect_uri, and followed the OAuth 2.0 Login procedure for Implicit login. Here's my request:
GET: https://<my company>.myjetbrains.com/hub/api/rest/oauth2/auth?response_type=token&request_credentials=default&client_id=<my app's service id from the hub>&redirect_uri=http://localhost:3000/dashboard/&scope=<my YouTrack service id>
Obviously substituting as necessary.
I am then taken to the YouTrack login page, I log in, and I get redirected back to my redirect_uri with an access token. The URL looks something like this:
http://localhost:3000/dashboard/#access_token=<my access token>&scope=<my YouTrack service id>&token_type=Bearer&expires_in=3600
Just as expected, right?
Now I strip off the access token in my JS client app, and make a new request to YouTrack, as follows:
Authorization: 'Bearer <my access token>'
GET: https://<my company>.myjetbrains.com/youtrack/rest/project/all
And I get back a 401: Unauthorized.
But why? What am I doing wrong here?
I've also tried following this flow in my browser, and also from the popular Chrome app, Postman, to no avail.
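The redirect handling described in the question, as an added example that is not part of the original post: it parses the fragment returned by the implicit flow, checks `token_type` and `expires_in` before the token is used, builds the `Authorization` header, and drops the fragment so the token does not stay in the address bar. The function names and the sample redirect URL are constructed for illustration.

```javascript
// Constructed sample redirect, shaped like the one shown in the question.
const SAMPLE_REDIRECT =
  'http://localhost:3000/dashboard/#access_token=CONSTRUCTED-TOKEN' +
  '&scope=svc-123&token_type=Bearer&expires_in=3600';

// Parse the fragment of the redirect URL into a token record (hypothetical helper).
function parseImplicitRedirect(redirectUrl, nowMs = Date.now()) {
  const url = new URL(redirectUrl);
  // The token arrives in the fragment, which browsers do not send in HTTP requests.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));

  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('no access_token in redirect fragment');
  }
  const tokenType = params.get('token_type') || '';
  if (tokenType.toLowerCase() !== 'bearer') {
    throw new Error('unsupported token_type: ' + tokenType);
  }
  const expiresIn = Number(params.get('expires_in'));
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error('missing or invalid expires_in');
  }
  return {
    accessToken,
    scope: (params.get('scope') || '').split(/\s+/).filter(Boolean),
    expiresAtMs: nowMs + expiresIn * 1000,
  };
}

// Build the request header; refuse to send a token that has already expired.
function bearerHeaders(token, nowMs = Date.now()) {
  if (nowMs >= token.expiresAtMs) {
    throw new Error('access token expired; repeat the authorization request');
  }
  return { Authorization: 'Bearer ' + token.accessToken };
}

// Remove the fragment so the token does not linger in the address bar or history.
function stripFragment(redirectUrl) {
  const url = new URL(redirectUrl);
  url.hash = '';
  return url.toString();
}
```

In a browser, the result of `stripFragment(window.location.href)` can be passed to `history.replaceState` once the token has been read.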